iNaNimAtE
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
Posted: Sat Apr 24, 2004 2:56 am Post subject: Server Security
I recently did a port scan on my server, and I noticed:
Those are all UDP ports.
I've tried many ways to block those, and the truth is, they may be blocked anyway. I have not forwarded any of those ports on my router, and my firewall is set to deny all requests from those, but they still show up on port scans.
Anyone have an idea on how to get rid of those?
_________________ Bienvenidos!

Anonymoose
Joined: 09 Sep 2003 Posts: 2192
Posted: Sat Apr 24, 2004 8:02 am Post subject:
What OS are you running as a server, and what are you using to scan? Some port scanners struggle to return reliable results, particularly on older Windows OSes. Don't hold much faith in pre-written port number lists for anything over port 1024 either...
I wouldn't expect to see anything but NetBIOS open on most Windows desktop OSes once you've finished disabling all the pointless services. Did you scan it from behind your router? As you said yourself, remember these ports will be inaccessible anyway unless you put your server into the DMZ.
Use FPort from Foundstone to track what processes have what services open.
http://www.foundstone.com/middleframe.htm?subnav=resources/navigation.htm&subcontent=%2Fresources%2Fintrusion_detection.htm
Either remove or disable the relevant services...

iNaNimAtE
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
Posted: Sat Apr 24, 2004 9:14 am Post subject:
I got a chance to scan from in front of my router (the outside) and that is what I got. I am usually inside, so port scans are useless.
XP is my server (I want to go back to 2003) and no, it is definitely not in the DMZ. I just don't like them showing up in a port scan, even if they don't work.
I was using GFI LanGuard Network Security Scanner for the port scan (a very useful tool to secure computers).
_________________ Bienvenidos!

Foxified
Joined: 13 Apr 2004 Posts: 487 Location: Canada
Posted: Sat Apr 24, 2004 10:29 am Post subject:
http://scan.sygate.com/
Tests all sorts of ways to get into your comp: UDP, ICMP, trojan, stealth, TCP.
My firewall blocks all (well, most of them; 80 is open).
Try this also?
Maybe your firewall isn't as good as they tell you 8O or something else..

olly86
Joined: 25 Apr 2003 Posts: 993 Location: Wiltshire, UK
Posted: Sat Apr 24, 2004 2:10 pm Post subject:
I would highly recommend using this one from GRC, as it's the best free one that I've found. It can do all sorts of other things as well.
https://grc.com/x/ne.dll?bh0bkyd2
_________________ Olly

Anonymoose
Joined: 09 Sep 2003 Posts: 2192
Posted: Sat Apr 24, 2004 2:15 pm Post subject:
Scans from in front of the router could be affected by various ISP settings such as transparent proxy/caches etc. Also, UDP is a very unreliable protocol to scan - I wouldn't trust the results much... It could also be that your router lets random ports appear open to confuse scanners with OS detection. The port list may also be inaccurate for UDP ports rather than TCP... I wouldn't worry about it.
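
An added example, not part of the original thread, illustrating the point above that UDP scan results are unreliable: a scanner can only mark a UDP port closed when an ICMP port-unreachable comes back, so a probe that a firewall silently drops looks the same as one sent to a listening service that ignores it. The loopback sockets and the names `probe_udp` and `demo` are assumptions made for this illustration, and Linux socket behaviour is assumed.

```python
import socket
import threading

def probe_udp(host, port, timeout=0.5):
    """Classify one UDP port the way a scanner has to (added example)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))    # connected socket so ICMP errors surface
        s.send(b"\x00")
        s.recv(512)
        return "open"              # something answered
    except ConnectionRefusedError:
        return "closed"            # ICMP port unreachable came back
    except socket.timeout:
        return "open|filtered"     # silence: listener or dropped probe?
    finally:
        s.close()

def _bound_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))       # constructed test endpoint on loopback
    return s

def demo():
    echo = _bound_socket()         # service that replies to the probe
    silent = _bound_socket()       # bound but never answers, like a drop rule
    gone = _bound_socket()
    closed_port = gone.getsockname()[1]
    gone.close()                   # nothing listens on this port any more

    def reply_once():
        data, peer = echo.recvfrom(512)
        echo.sendto(data, peer)

    threading.Thread(target=reply_once, daemon=True).start()
    try:
        return {
            "replying service": probe_udp("127.0.0.1", echo.getsockname()[1]),
            "silent or dropped": probe_udp("127.0.0.1", silent.getsockname()[1]),
            "no listener": probe_udp("127.0.0.1", closed_port),
        }
    finally:
        echo.close()
        silent.close()

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20} -> {verdict}")
```

The middle case is the one that matters for reading a scan report: a deny-all rule that drops packets without sending an ICMP error yields the same "open|filtered" verdict as a real listener.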

iNaNimAtE
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
Posted: Sat Apr 24, 2004 10:04 pm Post subject:
Foxified and Olly86: I know about both ShieldsUP! and Sygate.
Anonymoose: GFI LanGuard does use OS Detection, so that may be the problem. I am not really worried about people getting in on those ports, I just don't want them showing up in a security scan. When I get a chance, I'll use Nmap and see what it says.
_________________ Bienvenidos!

Anonymoose
Joined: 09 Sep 2003 Posts: 2192
Posted: Sat Apr 24, 2004 11:43 pm Post subject:
Want me to PM you an Nmap scan?

iNaNimAtE
Joined: 05 Nov 2003 Posts: 2381 Location: Everywhere you're not.
Posted: Sun Apr 25, 2004 12:55 am Post subject:
Sure (since it will be a couple days until I get back to my Linux box).
_________________ Bienvenidos!